Thinking that the problem was the selfcheck, I disabled it in clamd.conf.
I also stopped the freshclamd process. When clamd was restarted the next
time, the log reported:
Self checking disabled.
But, the clamd daemon continues to abend one hour after it starts.
What other clamd process could be running one hour after starting? Is the
report that selfcheck is disabled bogus?
Any ideas?
Thanks
David
--On Thursday, October 20, 2011 11:28 AM -0700 David Alix
<[email protected]> wrote:
I am running Clamav and freshclam 0.97.1, called from mimedefang, with
sendmail on Solaris 2.9. Starting yesterday morning, clamd has abended
whenever it selfchecks.
The clamd.log reported the following when the problem began:
Wed Oct 19 09:52:25 2011 -> SelfCheck: Database modification detected.
Forcing reload.
Wed Oct 19 09:52:25 2011 -> Reading databases from
/opt/ClamAV/share/clamav
Wed Oct 19 09:52:37 2011 -> Database correctly reloaded (1056463
signatures)
Wed Oct 19 10:52:38 2011 -> SelfCheck: Database status OK.
Wed Oct 19 10:56:01 2011 -> +++ Started at Wed Oct 19 10:56:01 2011
Wed Oct 19 10:56:01 2011 -> clamd daemon 0.97.1 (OS: solaris2.9, ARCH:
sparc, CPU: sparc)
Wed Oct 19 10:56:01 2011 -> Log file size limited to 1048576000 bytes.
daily.clv was updated from 13820 to 13822 at 8:54 that morning.
Since, then, a "self-check:database status OK" has not been recorded.
The freshclam log reports:
Received signal: wake up
ClamAV update process started at Thu Oct 20 10:03:18 2011
WARNING: Can't query current.cvd.clamav.net
WARNING: Invalid DNS reply. Falling back to HTTP mode.
Reading CVD header (main.cvd): connect_error: getsockopt(SO_ERROR): fd=5
error=146: Connection refused
Can't connect to port 80 of host db.us.clamav.net (IP: 69.12.162.28)
OK
main.cld is up to date (version: 54, sigs: 1044387, f-level: 60, builder:
sven)
Reading CVD header (daily.cvd): OK (IMS)
daily.cld is up to date (version: 13828, sigs: 15076, f-level: 60,
builder: neo)
Can't query daily.13828.61.1.0.194.186.47.19.ping.clamav.net
Reading CVD header (bytecode.cvd): OK (IMS)
bytecode.cld is up to date (version: 148, sigs: 39, f-level: 60, builder:
acab)
Can't query bytecode.148.61.1.0.194.186.47.19.ping.clamav.net
--------------------------------------
Update process interrupted
--------------------------------------
The daily.cld continues to be updated successfully.
I have a script that checks for an active clamd daemon every minute, and
restarts it when necessary.
ANyone else seeing this problem with clamd and selfchecks, or can give me
some suggestions on how to address it?
As a side note, at 9:30 AM this morning I changed the clamd.conf file to
perform a selfcheck every 7200 seconds. The clamd died, and was
restarted a few minutes after 10AM. But the selfcheck was performed a
few minutes after 11AM (3600 seconds later). I don't understand why it
wouldn't go at two hour intervals.
Thanks
___________________________________
David Alix
Information Systems and Computing
[email protected]
(805)893-4456
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
___________________________________
David Alix
Information Systems and Computing
[email protected]
(805)893-4456
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
